Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/Noj_9do8kX82MKJJgGb1y40-t3U.roa
File:                     Noj_9do8kX82MKJJgGb1y40-t3U.roa (raw, json)
Hash identifier:          SdqCIcKd0H3LieGmRVe50CMXBxMUeqw5i8DFezV1C74=
Subject key identifier:   36:88:FF:F5:DA:3C:91:7F:36:30:A2:49:80:66:F5:CB:8D:3E:B7:75
Certificate issuer:       /CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
Certificate serial:       0188ED78CEA65E39E13E0D8A096BB2FFEF86
Authority key identifier: DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/Noj_9do8kX82MKJJgGb1y40-t3U.roa
Signing time:             Sat 24 Jun 2023 12:54:57 +0000
ROA not before:           Sat 24 Jun 2023 12:54:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     25369
IP address blocks:        5.105.79.0/24 maxlen: 24
                          5.105.91.0/24 maxlen: 24
                          5.105.90.0/24 maxlen: 24
                          5.105.92.0/24 maxlen: 24
                          5.105.93.0/24 maxlen: 24
                          5.105.108.0/24 maxlen: 24
                          5.105.38.0/24 maxlen: 24
                          217.67.64.0/22 maxlen: 22
                          5.105.39.0/24 maxlen: 24
                          5.105.223.0/24 maxlen: 24
                          5.105.222.0/24 maxlen: 24
                          5.105.224.0/24 maxlen: 24
                          5.105.225.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 05 Sep 2023 14:46:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:ed:78:ce:a6:5e:39:e1:3e:0d:8a:09:6b:b2:ff:ef:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
        Validity
            Not Before: Jun 24 12:54:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3688fff5da3c917f3630a2498066f5cb8d3eb775
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:a2:c7:1e:03:51:8c:7b:c5:6c:8e:4d:4e:a6:
                    04:e7:52:9b:d7:15:2b:6d:70:86:19:ac:15:61:5a:
                    9c:7d:de:f7:04:b9:e5:2a:86:1a:4d:10:31:e9:1d:
                    11:0e:d3:9e:1b:76:b6:fb:65:a7:09:95:4b:55:38:
                    d6:5c:0f:23:8d:5e:e4:a0:4c:59:c5:d4:3f:8c:47:
                    0b:46:14:8b:28:92:c2:23:e3:f5:0e:b3:1f:40:a4:
                    ab:6f:1a:78:98:80:c1:cc:2c:f2:29:69:1b:75:76:
                    2a:47:e0:75:0b:7c:6e:13:fa:2f:bc:6e:da:12:3a:
                    35:cf:54:78:01:c0:a5:ae:c1:e8:3e:7a:7e:eb:4c:
                    9f:ec:8f:52:42:2e:a4:0d:25:14:36:83:d4:00:f6:
                    e6:95:a6:b0:c3:48:ed:12:99:55:5d:5f:a8:1c:be:
                    10:76:92:97:63:1f:f3:ec:fc:4a:0e:0d:ac:0d:83:
                    ac:98:87:f4:17:ed:35:39:00:d8:7a:d8:41:43:ce:
                    e0:dd:d6:12:13:41:3b:ad:8e:98:8c:c0:e2:03:c5:
                    e5:4e:70:ff:db:9b:fb:f0:a1:08:dd:ab:91:f2:d4:
                    b5:49:d9:8b:36:81:91:ba:8f:7e:e7:7c:46:c0:ff:
                    1a:a3:c4:f5:e4:2a:c9:55:12:03:81:45:eb:aa:e8:
                    9b:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:88:FF:F5:DA:3C:91:7F:36:30:A2:49:80:66:F5:CB:8D:3E:B7:75
            X509v3 Authority Key Identifier:
                keyid:DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/Noj_9do8kX82MKJJgGb1y40-t3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.105.38.0/23
                  5.105.79.0/24
                  5.105.90.0-5.105.93.255
                  5.105.108.0/24
                  5.105.222.0-5.105.225.255
                  217.67.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ca:b1:22:0a:24:d6:e7:1f:27:30:fe:33:8b:6b:44:0a:82:c2:
         c7:b2:13:b8:f4:43:c6:49:c3:3f:d1:18:12:dd:f9:f2:df:0d:
         e1:c9:bb:a6:b0:6b:0c:9b:c6:9d:2c:7c:68:2b:90:92:97:af:
         dc:91:9c:81:f7:71:b5:05:cc:3c:c0:48:a2:cc:79:75:96:81:
         ca:00:e9:dc:9c:1c:82:dd:0f:62:8f:32:8b:5c:b4:bb:fc:cc:
         f9:73:cb:9a:c4:a3:74:27:e0:cf:1b:59:9b:af:67:fa:9c:20:
         c8:10:e0:cd:36:f3:e3:aa:ef:97:49:50:17:29:18:55:27:3e:
         78:42:c0:13:67:0a:04:b2:e8:da:af:8b:8f:50:81:94:c8:1a:
         1d:a1:41:96:ff:fa:89:ba:a6:b9:dd:78:4a:5d:9e:37:a7:8b:
         d6:ec:94:51:fd:2e:57:0b:e5:b9:02:da:6e:28:2a:f4:4b:1a:
         63:cd:5c:a7:a5:b0:2f:e1:cb:9c:2b:ce:ec:04:ca:1a:0c:bd:
         28:f0:12:ee:57:e5:4f:d1:ba:33:62:46:5b:15:a7:08:a4:49:
         88:31:91:17:a8:51:35:94:d5:f1:67:c7:bd:4b:2e:04:59:13:
         0b:fd:c1:21:fd:80:90:fa:de:19:ee:00:c6:9f:5c:5c:5e:4b:
         81:76:17:9c
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAYjteM6mXjnhPg2KCWuy/++GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZjhiNDUyNTRlNTQ3MGQxZDRjY2U2ZmI3ZGZkNGQwZDgz
YjVkNTkwHhcNMjMwNjI0MTI1NDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjg4ZmZmNWRhM2M5MTdmMzYzMGEyNDk4MDY2ZjVjYjhkM2ViNzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh6LHHgNRjHvFbI5NTqYE51Kb1xUr
bXCGGawVYVqcfd73BLnlKoYaTRAx6R0RDtOeG3a2+2WnCZVLVTjWXA8jjV7koExZ
xdQ/jEcLRhSLKJLCI+P1DrMfQKSrbxp4mIDBzCzyKWkbdXYqR+B1C3xuE/ovvG7a
Ejo1z1R4AcClrsHoPnp+60yf7I9SQi6kDSUUNoPUAPbmlaaww0jtEplVXV+oHL4Q
dpKXYx/z7PxKDg2sDYOsmIf0F+01OQDYethBQ87g3dYSE0E7rY6YjMDiA8XlTnD/
25v78KEI3auR8tS1SdmLNoGRuo9+53xGwP8ao8T15CrJVRIDgUXrquibzQIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFDaI//XaPJF/NjCiSYBm9cuNPrd1MB8GA1UdIwQY
MBaAFN34tFJU5UcNHUzOb7ff1NDYO11ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2It
ODkzOTA2ZmI3ODU4LzEvTm9qXzlkbzhrWDgyTUtKSmdHYjF5NDAtdDNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2ItODkzOTA2ZmI3ODU4
LzEvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAATA0AwQBBWkmAwQA
BWlPMAwDBAEFaVoDBAEFaVwDBAAFaWwwDAMEAQVp3gMEAQVp4AMEAtlDQDANBgkq
hkiG9w0BAQsFAAOCAQEAyrEiCiTW5x8nMP4zi2tECoLCx7ITuPRDxknDP9EYEt35
8t8N4cm7prBrDJvGnSx8aCuQkpev3JGcgfdxtQXMPMBIosx5dZaBygDp3Jwcgt0P
Yo8yi1y0u/zM+XPLmsSjdCfgzxtZm69n+pwgyBDgzTbz46rvl0lQFykYVSc+eELA
E2cKBLLo2q+Lj1CBlMgaHaFBlv/6ibqmud14Sl2eN6eL1uyUUf0uVwvluQLabigq
9EsaY81cp6WwL+HLnCvO7ATKGgy9KPAS7lflT9G6M2JGWxWnCKRJiDGRF6hRNZTV
8WfHvUsuBFkTC/3BIf2AkPreGe4Axp9cXF5LgXYXnA==
-----END CERTIFICATE-----